| 27 Sep 2024 |
 puck | Mic92 https://github.com/NixOS/nix/pull/11603 is not quite the right solution to the problem i described
nix successfully finds a CA bundle (the cacert one); but trying to use it inside builtin:fetchurl fails because the sandbox doesn't allow access to the CA certificate file | 16:31:26 |
| puck | you can replicate this on nixos by e.g. doing NIX_SSL_CERT_FILE=$(nix-build '<nixpkgs>' -A cacert)/etc/ssl/certs/ca-bundle.crt nix-build --store $(mktemp -d) -E 'import <nix/fetchurl.nix> { url = https://google.com; }' | 16:33:33 |
| puck | i was just using openSUSE as an example of it being broken out of the box on some systems now | 16:36:26 |
|  @artemis:arty.chat left the room. | 17:53:52 |
| 28 Sep 2024 |
 Mic92 | Redacted or Malformed Event | 07:36:35 |
| puck | are you on linux? | 07:38:45 |
| puck | on macOS, builtin:fetchurl isn't sandboxed | 07:38:55 |
 loudgolem | I am facing this issue in a git worktree (not a shallow clone)
$ nix --version
nix (Nix) 2.18.7
$ git worktree list
/shed/Projects/nixhome/nixpkgs 30439d93eb8b [nixos-unstable]
/shed/Projects/nixpkgs-worktrees/master fba54e879763 [bump-pagefind-1725329421]
$ pwd
/shed/Projects/nixpkgs-worktrees/master
$ nix build .#pagefind
error:
… while fetching the input 'git+file:///shed/Projects/nixpkgs-worktrees/master'
error: '/shed/Projects/nixpkgs-worktrees/master' is a shallow Git repository, but shallow repositories are only allowed when `shallow = true;` is specified.
it is working with nix build .?shallow=1#pagefind
| 11:10:01 |
| loudgolem | while in a real shallow clone, it works fine
[nix-shell:~/work/debug-action/debug-action/nixpkgs]$ git log
commit fba54e87976345a608a772635aae47c2c303d049 (grafted, HEAD -> bump-pagefind-1725329421, origin/bump-pagefind-1725329421)
Author: phanirithvij <phanirithvij2000@gmail.com>
Date: Sat Sep 28 16:25:48 2024 +0530
pagefind: nixfmt-rfc-style
[nix-shell:~/work/debug-action/debug-action/nixpkgs]$ nix build .#pagefind --print-out-paths
/nix/store/jmph2i2wjmxh5aglxg2ywmg4glv0p6h8-pagefind-1.1.1
| 11:23:10 |
| Mic92 | loudgolem: are you sure shallow clones work with nix 2.18? I think you need a newer nix version. | 14:27:14 |
| loudgolem | yeah my bad, in the second one using detsys nix | 14:27:51 |
| loudgolem | so with nix 2.18 worktrees are working as intended? | 14:28:44 |
| loudgolem | * so with nix 2.18 with git worktrees it is working as intended? | 14:29:06 |
| Mic92 | I don't know | 14:31:15 |
| Mic92 | https://github.com/NixOS/nix/pull/11610 | 15:10:58 |
| Mic92 | I didn't had the certificate verification patch in my fork. After that I was able to reproduce the tls error | 15:11:57 |
| 29 Sep 2024 |
|  LinearArray changed their profile picture. | 05:04:25 |
|  mrdev023 left the room. | 14:06:26 |
| mrdev023 joined the room. | 14:07:23 |
 trofi | In reply to @trofi:matrix.org
Specifically I see a SIGSEGV on a nix testsuite in the same function: https://bpa.st/raw/6YWTW Ended up being a compiler bug: https://gcc.gnu.org/PR116880 | 18:23:20 |
| 30 Sep 2024 |
| puck | Mic92 btw you may want to remove the n-o-m output on https://github.com/NixOS/nix/pull/11610/commits/c1ecf0bee973e620c9282bd71ddf1a5710968249 (and point directly to 37b22dae04f2da214e6b9bef3427e134280642ca instead of the merge commit?) | 22:57:37 |
| 1 Oct 2024 |
| Mic92 | I don't know what a n-o-m is | 01:31:13 |
| Mic92 | Need more characters | 01:31:30 |
| Mic92 | Ah nix-output-monitor | 01:35:00 |
| Mic92 | I will change it directly to the commit, but having the command that reproduces the error still seems useful to me. | 01:46:00 |
| puck | In reply to @joerg:thalheim.io
I will change it directly to the commit, but having the command that reproduces the error still seems useful to me. right, i just meant the spurious nix-output-monitor output, as it's caused by running with a non-standard store path | 02:18:18 |
| puck | and makes reading the actual error way harder | 02:18:31 |
| puck | In reply to @puck:puck.moe
right, i just meant the spurious nix-output-monitor output, as it's caused by running with a non-standard store path (nix-output-monitor error: DerivationReadError /nix/store/4qljhy0jj2b0abjzpsbyarpia1bqylwc-google.com.drv: openFile: does not exist (No such file or directory) etc) | 02:19:53 |
| Mic92 | got it. | 09:40:23 |
|  Bryan Honof joined the room. | 20:11:39 |
